Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS397968.roa
File:                     AS397968.roa (raw, json)
Hash identifier:          dnDv+iSvRJRBxlxUkxUWiy695uHVfwigxBaHtrA5naY=
Subject key identifier:   E7:FC:C6:A1:43:6D:EE:54:BA:21:76:F0:AB:FF:C0:7E:D1:7C:54:B9
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       629DEB3EA2001FAB49A23299318F46EFCDE40030
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS397968.roa
Signing time:             Tue 19 May 2026 11:12:05 +0000
ROA not before:           Tue 19 May 2026 11:07:05 +0000
ROA not after:            Tue 18 May 2027 11:12:05 +0000
asID:                     397968
IP address blocks:        95.134.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:9d:eb:3e:a2:00:1f:ab:49:a2:32:99:31:8f:46:ef:cd:e4:00:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 19 11:07:05 2026 GMT
            Not After : May 18 11:12:05 2027 GMT
        Subject: CN=E7FCC6A1436DEE54BA2176F0ABFFC07ED17C54B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:a7:96:8c:95:ae:8a:a4:49:e7:cc:d0:6e:
                    9e:65:51:09:b4:56:23:2a:db:51:c4:c3:8e:fd:47:
                    06:cd:d2:ab:8f:ce:4d:17:38:5b:57:45:4d:55:6e:
                    6d:77:40:87:55:49:38:2a:40:c3:1f:f8:6b:be:e5:
                    e0:18:a0:11:1b:c5:49:37:99:86:82:c7:9c:78:03:
                    f5:dd:e9:3d:62:1b:12:00:a8:9c:dd:8a:1a:11:eb:
                    63:75:08:d1:9b:03:99:88:a5:3c:6c:74:23:7f:d7:
                    75:dc:39:a4:94:6f:e8:a2:b2:53:a9:12:ff:4a:8d:
                    f3:c4:db:12:df:06:da:52:74:ff:7c:91:b3:44:a8:
                    d6:31:2e:92:a2:5b:e5:b9:77:e7:c6:f1:c3:d9:5a:
                    88:94:d4:8b:61:c7:f6:b7:e2:d9:56:88:c2:5b:55:
                    a5:e0:84:6a:18:fb:da:b5:16:43:5c:c4:e3:19:6b:
                    a6:13:e1:1f:fa:b0:67:df:09:4f:29:c5:e8:d0:27:
                    10:63:5f:1c:b1:97:99:72:7f:4b:7a:bc:99:69:26:
                    0b:40:81:61:05:36:d7:5a:ab:75:00:09:dd:ae:58:
                    57:ce:3f:19:23:c7:ce:1c:1b:d0:04:fa:b9:b7:4e:
                    1b:04:09:a7:7b:8f:83:ff:4b:61:ea:dc:c6:8c:f6:
                    8e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FC:C6:A1:43:6D:EE:54:BA:21:76:F0:AB:FF:C0:7E:D1:7C:54:B9
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS397968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:5c:6d:50:13:55:c0:5c:62:7a:e1:bf:c2:99:b9:62:38:89:
         7a:e4:58:47:9a:9a:0c:51:32:99:c3:aa:11:0e:72:48:46:b7:
         68:51:74:59:22:84:1d:76:c1:74:a0:c4:c3:23:d2:ae:8c:cb:
         dc:f7:12:e6:da:f9:cb:45:61:ba:6e:f1:cb:f7:38:72:07:0d:
         8c:c9:a4:60:17:5e:39:d1:10:90:67:ff:6e:90:7e:24:2e:1f:
         bb:34:04:67:ce:f7:9e:27:c4:c6:47:13:79:25:e9:75:38:75:
         c5:b3:6e:bb:b6:02:e2:53:d6:70:13:f3:84:05:0d:59:eb:2d:
         6b:ca:62:54:33:6d:4c:c3:3c:6b:50:92:04:80:bb:45:f7:cf:
         70:e0:31:41:e6:c9:70:42:c8:cc:d0:e4:59:24:2b:aa:99:c3:
         0e:24:e5:5c:e6:20:73:a8:86:b9:89:65:6e:ba:95:e0:28:4a:
         f1:0d:d2:56:96:a2:52:29:11:a4:6b:a7:80:03:55:dc:ca:cc:
         ea:68:d1:97:e7:a7:c8:94:fb:55:bd:3f:6b:e7:80:48:4f:71:
         33:d3:05:43:dd:b7:b9:8c:ea:74:18:06:c8:62:5f:ba:17:39:
         8f:55:3b:ef:b2:9e:a4:b1:7f:f1:d1:cc:8b:88:84:0e:f1:c6:
         d2:8f:b2:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYp3rPqIAH6tJojKZMY9G783kADAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTkxMTA3MDVaFw0yNzA1MTgxMTEyMDVaMDMxMTAvBgNV
BAMTKEU3RkNDNkExNDM2REVFNTRCQTIxNzZGMEFCRkZDMDdFRDE3QzU0QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsQ6eWjJWuiqRJ58zQbp5lUQm0
ViMq21HEw479RwbN0quPzk0XOFtXRU1Vbm13QIdVSTgqQMMf+Gu+5eAYoBEbxUk3
mYaCx5x4A/Xd6T1iGxIAqJzdihoR62N1CNGbA5mIpTxsdCN/13XcOaSUb+iislOp
Ev9KjfPE2xLfBtpSdP98kbNEqNYxLpKiW+W5d+fG8cPZWoiU1Ithx/a34tlWiMJb
VaXghGoY+9q1FkNcxOMZa6YT4R/6sGffCU8pxejQJxBjXxyxl5lyf0t6vJlpJgtA
gWEFNtdaq3UACd2uWFfOPxkjx84cG9AE+rm3ThsECad7j4P/S2Hq3MaM9o6jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5/zGoUNt7lS6IXbwq//AftF8VLkwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk3OTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4YX
MA0GCSqGSIb3DQEBCwUAA4IBAQA6XG1QE1XAXGJ64b/CmbliOIl65FhHmpoMUTKZ
w6oRDnJIRrdoUXRZIoQddsF0oMTDI9KujMvc9xLm2vnLRWG6bvHL9zhyBw2MyaRg
F1450RCQZ/9ukH4kLh+7NARnzveeJ8TGRxN5Jel1OHXFs267tgLiU9ZwE/OEBQ1Z
6y1rymJUM21MwzxrUJIEgLtF989w4DFB5slwQsjM0ORZJCuqmcMOJOVc5iBzqIa5
iWVuupXgKErxDdJWlqJSKRGka6eAA1XcyszqaNGX56fIlPtVvT9r54BIT3Ez0wVD
3be5jOp0GAbIYl+6FzmPVTvvsp6ksX/x0cyLiIQO8cbSj7Iz
-----END CERTIFICATE-----